State of Cybersecurity 2018

Feb 23, 2018

Did you know?

The General Data Protection Regulation (GDPR) will take effect May 25, 2018. This will affect global organizations that hold or process personal data of any European Union resident. The definition of “personal data” is much broader than in current US compliance regulations, and penalties for non-compliance are 20 million Euros or 4% of global revenue, whichever is higher.

Organizations continue to struggle with threat detection and incident response. This includes everyone from SMBs to enterprises, as we saw with the breaches at Equifax and Uber. Dark Reading published “7 SIEM Situations That Can Sack Security Teams,” which explains some of the challenges with common detection tools (and even some outsourced monitoring services). Very few organizations have true incident response programs that include plans, tabletop exercises that run through scenarios, and resources to contact if escalation to an incident is needed.

There were over 200,000 unfilled cybersecurity positions at the beginning of 2017, and CSO Online has predicted that number will triple by 2021. Gartner’s 2017 report estimates that by 2019, security outsourcing services will make up approximately 3/4 of spending on security software and hardware. It’s clear that technical controls alone are not able to prevent breaches, and a more holistic approach to cybersecurity is needed.